Generalization.
parent
e8bd316647
commit
af60578268
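--- a/client.conf
+++ b/client.conf
@@ -1,14 +0,0 @@
-client
-dev tun
-proto udp
-remote 92.222.98.176 1194
-resolv-retry infinite
-nobind
-persist-key
-persist-tun
-ca /etc/openvpn/client/ca.crt
-cert /etc/openvpn/client/client-ovh1.crt
-key /etc/openvpn/client/client-ovh1.key
-ns-cert-type server
-comp-lzo
-verb 3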
@ -10,21 +10,10 @@ services:
|
||||
volumes:
|
||||
- ./keys:/etc/openvpn/client:Z
|
||||
- ./client.conf:/etc/openvpn/openvpn.conf:Z
|
||||
- ./post-up.sh:/root/post-up.sh:Z
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
sysctls:
|
||||
net.ipv4.ip_forward: 1
|
||||
devices:
|
||||
- "/dev/net/tun:/dev/net/tun"
|
||||
dns: 80.67.169.12
|
||||
networks:
|
||||
openvpn-network:
|
||||
ipv4_address: 172.31.1.2
|
||||
|
||||
networks:
|
||||
openvpn-network:
|
||||
name: openvpn-network
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.31.1.0/24
|
||||
|
||||
network_mode: "host"
|
||||
|
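Review bot: `network_mode: "host"` at the end of this hunk places the container in the host's network namespace, so the `cap_add: - NET_ADMIN` entry that appears to remain as context now applies to the host's interfaces, routes and netfilter rules instead of an isolated namespace. The +/- markers are lost on this page, so which lines stay is inferred from the 21-to-10 line counts in the hunk header. Anything the image runs from the mounted `./post-up.sh` (presumably on tunnel up) would then be able to rewrite host routing. A comment above the key should record this, for example `# host netns + NET_ADMIN: openvpn and post-up.sh change the HOST's routes and iptables`. The service definition starts above the hunk.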
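--- a/docker-compose.yml-subnet
+++ b/docker-compose.yml-subnet
@@ -0,0 +1,30 @@
+# needs at least docker-compose 1.18.0 (1.10.0 for sysctls option and 1.18.0 for custom network name)
+version: "2.1"
+
+services:
+
+vpn-client:
+image: vpn-client:$VERSION_VPN_CLIENT
+build: "https://git.scimetis.net/yohan/docker-VPN-client.git"
+restart: always
+volumes:
+- ./keys:/etc/openvpn/client:Z
+- ./client.conf:/etc/openvpn/openvpn.conf:Z
+- ./post-up.sh:/root/post-up.sh:Z
+cap_add:
+- NET_ADMIN
+sysctls:
+net.ipv4.ip_forward: 1
+devices:
+- "/dev/net/tun:/dev/net/tun"
+dns: 80.67.169.12
+networks:
+openvpn-network:
+ipv4_address: 172.32.0.2
+
+networks:
+openvpn-network:
+ipam:
+config:
+- subnet: 172.32.0.0/24
+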
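Review bot: `subnet: 172.32.0.0/24` and `ipv4_address: 172.32.0.2` fall outside the RFC 1918 block 172.16.0.0/12, which ends at 172.31.255.255, so the bridge network claims publicly routable address space. Any real destination in that /24 becomes unreachable from the host and its containers, because traffic for it is delivered to the local bridge instead of the default route. A private range keeps the intent, e.g. `- subnet: 172.31.2.0/24` with `ipv4_address: 172.31.2.2` (constructed example; choose a range not already used on the host).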
@ -1,28 +0,0 @@
|
||||
#!/bin/bash
|
||||
# stop service and clean up here
|
||||
function shut_down() {
|
||||
/etc/init.d/squid stop
|
||||
reset
|
||||
echo "exited $0"
|
||||
exit 0
|
||||
}
|
||||
|
||||
# USE the trap if you need to also do manual cleanup after the service is stopped,
|
||||
# or need to start multiple services in the one container
|
||||
trap "shut_down" SIGINT SIGTERM SIGKILL
|
||||
|
||||
/bin/ip route change default via ${subnet}.2 dev eth0
|
||||
bash -c '> /etc/resolv.conf'
|
||||
echo "nameserver 80.67.169.12" >> /etc/resolv.conf
|
||||
echo "100 toengine" >> /etc/iproute2/rt_tables
|
||||
iptables -t mangle -A OUTPUT -p tcp --sport 3128 -j MARK --set-mark 01
|
||||
ip rule add fwmark 01 lookup toengine
|
||||
ip route add default via ${subnet}.1 table toengine
|
||||
# start service in background here
|
||||
/etc/init.d/squid start
|
||||
while pidof squid > /dev/null
|
||||
do
|
||||
sleep 3
|
||||
done
|
||||
shut_down
|
||||
|
@ -17,15 +17,25 @@ sudo bash -c "grep -q ipt_MARK $MODULE_FILE \
|
||||
|| { echo '# Loading ipt_MARK at boot is needed to use iptables -j MARK in docker containers' >> $MODULE_FILE; \
|
||||
echo 'ipt_MARK' >> $MODULE_FILE; }"
|
||||
|
||||
source vars
|
||||
test -z $1 || HOST="_$1"
|
||||
test -z $2 || INSTANCE="_$2"
|
||||
test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://cloud.scimetis.net/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
|
||||
sudo rm -f keys/*
|
||||
test -f ~/secrets.tar.gz.enc || curl -o ~/secrets.tar.gz.enc "https://${CLOUD_SERVER}/s/${KEY}/download?path=%2F&files=secrets.tar.gz.enc"
|
||||
openssl enc -aes-256-cbc -d -in ~/secrets.tar.gz.enc | sudo tar -zxv --strip 2 secrets/docker-VPN-client-stack${HOST}${INSTANCE}/keys
|
||||
|
||||
sudo chown -R root. client.conf keys
|
||||
rm -rf ~/config
|
||||
git clone https://${GIT_SERVER}/yohan/config.git ~/config
|
||||
sudo cp -a ~/config/docker-VPN-client-stack${HOST}${INSTANCE}/client.conf ./
|
||||
test -f ~/config/docker-VPN-client-stack${HOST}${INSTANCE}/post-up.sh \
|
||||
&& sudo cp -a ~/config/docker-VPN-client-stack${HOST}${INSTANCE}/post-up.sh ./ \
|
||||
|| sudo bash -c 'echo "#!/bin/bash" > post-up.sh'
|
||||
rm -rf ~/config
|
||||
sudo chown -R root. client.conf keys post-up.sh
|
||||
sudo chmod +x post-up.sh
|
||||
|
||||
# --force-recreate is used to recreate container when crontab file has changed
|
||||
unset VERSION_VPN_CLIENT
|
||||
VERSION_VPN_CLIENT=$(git ls-remote https://git.scimetis.net/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
|
||||
VERSION_VPN_CLIENT=$(git ls-remote https://${GIT_SERVER}/yohan/docker-VPN-client.git| head -1 | cut -f 1|cut -c -10) \
|
||||
sudo -E bash -c 'docker-compose up -d --force-recreate'
|
||||
|
||||
|
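Review bot: The lines that appear to be added here (the +/- markers are lost on this page) fetch `client.conf` and `post-up.sh` from `https://${GIT_SERVER}/yohan/config.git` at whatever the default branch currently points to, then make `post-up.sh` root-owned and executable, so anyone able to push to that repository controls a script that the compose file mounts into a `NET_ADMIN` container. The keys arrive in an encrypted archive, but this script and config get no integrity check; pin the checkout, e.g. `git -C ~/config checkout --detach "$CONFIG_COMMIT"` with `CONFIG_COMMIT` defined in `vars` (placeholder name), or run `git -C ~/config verify-commit HEAD` if the commits are signed. Separately, `test -f … && sudo cp -a … || sudo bash -c 'echo "#!/bin/bash" > post-up.sh'` also takes the fallback when `cp` itself fails, silently replacing the intended script with an empty stub; an `if`/`else` keeps the two cases apart. `${HOST}${INSTANCE}` derive from `$1`/`$2` and are expanded unquoted in the `sudo cp -a` paths, so they should be quoted and restricted to the expected characters.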